August 26, 2016

Exploitation 103

This lecture has several walkthroughs and demos of modern binary exploitation techniques for heap and format string vulnerabilities. For heap exploitation we examine classic heap buffer overflow exploitation (e.g. targeting the unlink macro), discuss modern heap buffer overflow exploitation with safe-unlink bypasses and other techniques, and cover heap spraying and use-after-free exploitation. We have two examples of format string exploitation, demonstrating different techniques. We then discuss the cornerstone of defenses against modern binary exploitation: exploit mitigations such as stack cookies, Data Execution Prevention (DEP) / No Execute (NX), Address Space Layout Randomization (ASLR), and more. Finally, of course, we discuss how each exploit mitigation is bypassed. Slides for this lecture begin on slide 56. At this time, students are expected to have completed Homework 4, assigned in Lecture 08: Reverse Engineering x86 102.
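The unlink primitive that the heap portion of this lecture is built around, as an added example that is not part of the original lecture materials: a minimal model of a dlmalloc-style free chunk header, the classic unlink macro that trusts fd/bk blindly (turning a heap overflow into a write-what-where), and the safe-unlink check glibc added in 2.3.4 that rejects a forged chunk. The chunk struct, g_got_slot and g_payload are constructed stand-ins for this example, not real glibc internals or course code.

```c
#include <stddef.h>
#include <stdio.h>
#include <string.h>

/* Minimal model of a dlmalloc / early-glibc free chunk header.
 * Field offsets are taken with offsetof, so the example works on 32- and 64-bit. */
struct chunk {
    size_t prev_size;
    size_t size;
    struct chunk *fd;   /* next chunk on the bin's free list */
    struct chunk *bk;   /* previous chunk on the bin's free list */
};

/* Classic unlink macro (glibc before 2.3.4): fd and bk are trusted blindly.
 * With attacker-controlled fd/bk it is a write-what-where:
 *   fd->bk = bk   writes "what" (bk) to "where" (fd + offsetof(bk))
 *   bk->fd = fd   side effect: writes fd into what + offsetof(fd) */
static void unlink_classic(struct chunk *p)
{
    struct chunk *fd = p->fd;
    struct chunk *bk = p->bk;
    fd->bk = bk;
    bk->fd = fd;
}

/* Safe unlink (glibc >= 2.3.4): both neighbours must point back at p, or
 * malloc aborts with "corrupted double-linked list". Returns -1 on that check. */
static int unlink_safe(struct chunk *p)
{
    struct chunk *fd = p->fd;
    struct chunk *bk = p->bk;
    if (fd->bk != p || bk->fd != p)
        return -1;
    fd->bk = bk;
    bk->fd = fd;
    return 0;
}

/* Constructed victim state (hypothetical, for this example only):
 * g_got_slot stands in for a GOT entry or function pointer (the "where"),
 * g_payload stands in for attacker shellcode (the "what"). The payload must be
 * writable because bk->fd = fd clobbers a pointer at g_payload + offsetof(fd);
 * real shellcode starts with a short jump over those bytes. */
static void *g_got_slot;
static _Alignas(16) unsigned char g_payload[64];

/* Forge the chunk header an overflow would leave behind, so that unlinking it
 * stores &g_payload into g_got_slot. */
static void forge_chunk(struct chunk *p)
{
    memset(p, 0, sizeof *p);
    p->size = 0x40;
    p->fd = (struct chunk *)((char *)&g_got_slot - offsetof(struct chunk, bk));
    p->bk = (struct chunk *)g_payload;
}

/* 1 if the classic unlink redirected the GOT slot to the payload. */
int classic_unlink_hijacks_slot(void)
{
    struct chunk fake;
    g_got_slot = NULL;
    forge_chunk(&fake);
    unlink_classic(&fake);
    return g_got_slot == (void *)g_payload;
}

/* 1 if safe unlink refused the forged chunk and left the slot untouched. */
int safe_unlink_rejects_forged_chunk(void)
{
    struct chunk fake;
    g_got_slot = NULL;
    forge_chunk(&fake);
    return unlink_safe(&fake) == -1 && g_got_slot == NULL;
}

/* 1 if safe unlink still works on a well-formed list a <-> b <-> c. */
int safe_unlink_accepts_consistent_list(void)
{
    struct chunk a = {0}, b = {0}, c = {0};
    a.fd = &b; b.bk = &a;
    b.fd = &c; c.bk = &b;
    if (unlink_safe(&b) != 0)
        return 0;
    return a.fd == &c && c.bk == &a;
}

int main(void)
{
    printf("classic unlink hijacks slot:         %d\n", classic_unlink_hijacks_slot());
    printf("safe unlink rejects forged chunk:    %d\n", safe_unlink_rejects_forged_chunk());
    printf("safe unlink accepts consistent list: %d\n", safe_unlink_accepts_consistent_list());
    return 0;
}
```

Build with `cc unlink_demo.c -o unlink_demo`. The forged fd is chosen so that `fd->bk` lands exactly on the slot; the check in unlink_safe fails because the slot does not point back at the fake chunk, which is why modern heap exploitation needs the safe-unlink bypasses and other techniques the lecture covers rather than a bare unlink write.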